You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Ken Giusti (JIRA)" <ji...@apache.org> on 2016/05/16 20:25:13 UTC
[jira] [Created] (PROTON-1199) A soft link within the Go
subdirectory causes fatal sandbox errors
Ken Giusti created PROTON-1199:
----------------------------------
Summary: A soft link within the Go subdirectory causes fatal sandbox errors
Key: PROTON-1199
URL: https://issues.apache.org/jira/browse/PROTON-1199
Project: Qpid Proton
Issue Type: Bug
Components: go-binding
Affects Versions: 0.12.2, 0.11.1, 0.13.0
Environment: python distutils
Reporter: Ken Giusti
Assignee: Alan Conway
Priority: Blocker
Fix For: 0.13.0
Attempting to use a package dependency on python-qpid-proton from within a setup.py will fail. This prevents pyngus from using any version of proton > 11.0.
This is due to a soft link in the .tar distribution that attempts to reference files outside of the sandbox used by distutils.
To reproduce:
1) clone https://github.com/kgiusti/pyngus
2) modify the setup.py file in the top directory:
--- a/setup.py
+++ b/setup.py
@@ -33,7 +33,7 @@ try:
except ImportError:
# this version of proton will download and install the proton shared
# library as well:
- _dependencies = ['python-qpid-proton>=0.9,<0.11']
+ _dependencies = ['python-qpid-proton>=0.9,<0.12']
3) create a virtual env:
$ virtualenv PY27; source PY27/bin/activate
4) attempt to install pyngus
$ python setup.py build install
The last step will fail at the point where it unpacks the proton source tarball.
After a bit of debugging, I've root caused the issue:
fetching http://www.apache.org/dist/qpid/proton/0.11.1/qpid-proton-0.11.1.tar.gz into build/bundled
SandboxViolation: symlink('../../../../../../tests/interop', 'build/bundled/qpid-proton-0.11.1/proton-c/bindings/go/src/qpid.apache.org/amqp/interop') {}
The package setup script has attempted to modify files on your system
that are not within the EasyInstall build area, and has been aborted.
The link does point at the top of the unpacked tar, but for some reason EasyInstall thinks it is outside the build tree.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org